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DETAILED ACTION 



1 . This action is in response to the communication filed on September 22, 2000. 
Claims 1-48 were received for consideration. No preliminary amendments for the 
claims were filed. Claim 1-48 are currently being considered. 



2. Initialed and dated copies of Applicant's IDS form 1449, Paper No. 2-12 are 
attached to the Office action. 



3. Claim 14 is objected to because of the following informalities: The claim states 
"method of claim 1 1 ." It is assumed by the examiner that this should be "method of 
claim 13," and has been interpreted as such. Appropriate correction is required. 

4. Claim 25 is objected to because of the following informalities: The claim states in 
line 7 "for protecting usage a subset." There is a "of that should be placed after 
"usage." Appropriate correction is required. 



Information Disclosure Statement 



Claim Objections 
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Claim Rejections - 35 USC § 102 



The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in (1 ) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

Claims 1-6, 9-18, 21-30, 33-42, and 45-48 rejected under 35 U.S.C. 102(e) as 
being anticipated by England et al. (U.S. Patent 6,327,652). 

Regarding claim 1, England discloses: 
An apparatus comprising: 

a key generator to generate an operating system nub key (OSNK) unique to an 
operating system (OS) nub, the OS nub being part of an operating system running on a 
secure platform (Figure 8 item 801, column 7 line 45-61, column 17 lines 1-15); and 

a usage protector coupled to the key generator to protect usage of a subset of a 
software environment using the OSNK (column 17 line 1 - column 18 line 13). 

England discloses an apparatus that uses an Operating System (OS) key to secure 
access to an operating system operating in a secure mode. Furthermore, England 
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describes that "an unrelated operating system cannot gain access to the encrypted 
data" (column 17 lines 54-58) because of the requirement of the OS key. 

Regarding claim 13, England discloses: 
A method comprising: 

generating an operating system nub key (OSNK) unique to an operating system 
(OS) nub, the OS nub being part of an operating system running on a secure platform 
(Figure 8 item 801, column 7 line 45-61, column 17 lines 1-15); and 

protecting usage of a subset of the software environment using the OSNK 
(column 17 line 1 - column 18 line 13). 

England discloses an apparatus that uses an Operating System (OS) key to secure 
access to an operating system operating in a secure mode. Furthermore, England 
describes that "an unrelated operating system cannot gain access to the encrypted 
data" (column 17 lines 54-58) because of the requirement of the OS key. 

Regarding claim 25, England discloses: 
A computer program comprising: 

a computer usable medium having computer program code embodied therein, 
the computer program product having: 

computer readable program code for generating an operating system nub key 
(OSNK) unique to an operating system (OS) nub, the OS nub being part of an operating 




Application/Control Number: 09/668,61 0 Page 5 

Art Unit: 2131 

system running on a secure platform (Figure 8 item 801, column 7 line 45-61, column 
17 lines 1-15); and 

computer readable program code for protecting usage of a subset of the software 
environment using the OSNK (column 17 line 1 - column 18 line 13). 



England discloses an apparatus that uses an Operating System (OS) key to secure 
access to an operating system operating in a secure mode. Furthermore, England 
describes that "an unrelated operating system cannot gain access to the encrypted 
data" (column 17 lines 54-58) because of the requirement of the OS key. 



Regarding claim 37, England discloses: 
A system comprising: 

a processor (Fig 1B item 160, column 7 line 44-50); 
a storage device coupled to the processor, the storage storing a subset of a 
software environment (Fig 1B item 184); and 
a usage protector comprising: 

a key generator to generate a operating system nub key (OSNK) unique to an 
operating system (OS) nub, the operating system nub being part of a software 
environment running on a secure platform (Figure 8 item 801 , column 7 line 45-61 , 
column 17 lines 1-15); and 

a usage protector coupled to the key generator to protect usage of a subset of 
the software environment using the OSNK (column 17 line 1 - column 18 line 13). 
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England discloses an apparatus that uses an Operating System (OS) key to secure 
access to an operating system operating in a secure mode. Furthermore, England 
describes that "an unrelated operating system cannot gain access to the encrypted 
data" (column 17 lines 54-58) because of the requirement of the OS key. 

Claim 2 is rejected as applied above in rejecting claim 1 . Furthermore, England 
discloses: 

The apparatus of claim 1 wherein the key generator comprises: 

a combiner to combine an identification of the OS nub and a master binding key 

(BKO) of the secure platform, the combined identification and the BKO corresponding to 

the OSNK (column 12 line 53-65). 

England discloses providing a one-way hashing function of the loaded components of 
the secure OS and then signing the hash with a private key corresponding to the 
operating system components. 

Claim 4 is rejected as applied above in rejecting claim 1 . Furthermore, England 
discloses: 

The apparatus of claim 1 wherein the usage protector comprises: 
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an encryptor to encrypt the subset of the software environment using the OSNK, 
the encrypted subset being stored in a storage (column 7 lines 44- 50, column 13 lines 
10-59); and 

a decryptor to decrypt the encrypted subset using the OSNK, the encrypted 
subset being retrieved from the storage (column 7 lines 44-50, column 13 lines 10-59). 



Claim 5 is rejected as applied above in rejecting claim 1 . Furthermore, England 
discloses: 

The apparatus of claim wherein the usage protector comprises: 

an encryptor to encrypt a first hash value of the subset of the software 
environment using the OSNK, the encrypted first hash value being stored in a storage 
(column 7 lines 44-50, column 13 lines 10-59); 

a decryptor to decrypt the encrypted first hash value using the OSNK, the 
encrypted first hash value being retrieved from the storage (column 7 lines 44-50, 
column 13 lines 10-59); and 

a comparator to compare the decrypted first hash value to a second hash value 
to generate a compared result, the compared result indicating whether the subset of the 
software environment has been modified (column 7 lines 44-50, column 13 lines 10-59). 

Claim 6 is rejected as applied above in rejecting claim 1 . Furthermore, England 
discloses: 

The apparatus of claim 1 wherein the usage protector comprises: 
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a first encryptor to encrypt a first hash value of the subset of the software 
environment using the OSNK, the encrypted first hash value being stored in a storage 
(column 7 lines 44-50, column 13 lines 10-59); 

a second encryptor to encrypt a second hash value using the OSNK (column 7 
lines 44-50, column 13 lines 10-59); and 

a comparator to compare the encrypted second hash value to the encrypted first 
hash value to generate a compared result, the encrypted first hash value being retrieved 
from the storage, the compared result indicating whether the subset of the software 
environment has been modified (column 7 lines 44-50, column 13 lines 10-59). 

Claim 9 is rejected as applied above in rejecting claim 1 . Furthermore, England 
discloses: 

The apparatus of claim 1 wherein the secure platform uses an isolated execution 
mode (column 2 lines 47-67). 

Claim 10 is rejected as applied above in rejecting claim 1 . Furthermore, England 
discloses: 

The apparatus of claim 1 wherein the software environment is one of a Windows 
operating system, a Windows 95 operating system, a Windows 98 operating system, a 
Windows NT operating system, and a Windows 2000 operating system (column 21 lines 
25-29). 
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Claim 1 1 is rejected as applied above in rejecting claim 1 . Furthermore, England 
discloses: 

The apparatus of claim 1 wherein the subset of the software environment is a 
registry of an operating system (column 13 lines 37 - 53). 

Regarding claim 13, England discloses: 
A method comprising: 

generating an operating system nub key (OSNK) unique to an operating system 
(OS) nub, the OS nub being part of an operating system running on a secure platform; 
and 

protecting usage of a subset of the software environment using the OSNK. 



Claim 14 is rejected as applied above in rejecting claim 13. Furthermore, England 
discloses: 

The method of claim 13 wherein generating the OSNK comprises: 

combining an identification of the OS nub and a master binding key (BKO) of the 

secure platform, the combined identification and the BKO corresponding to the OSNK 

(column 12 line 53-65). 

Claim 16 is rejected as applied above in rejecting claim 13. Furthermore, England 
discloses: 
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The method of claim 13 wherein protecting usage comprises: 

encrypting the subset of the software environment using the OSNK (column 7 

lines 44- 50, column 13 lines 10-59); 

storing the encrypted subset in a storage (column 7 lines 44- 50, column 13 lines 

10-59); and 

decrypting the encrypted subset from the storage using the OSNK (column 7 
lines 44-50, column 13 lines 10-59). 

Claim 17 is rejected as applied above in rejecting claim 13. Furthermore, England 
discloses: 

The method of claim 13 wherein protecting usage comprises: 

encrypting a first hash value of the subset of the software environment using the 
OSNK, the encrypted first hash value being stored in a storage (column 7 lines 44-50, 
column 13 lines 10-59); 

decrypting the encrypted first hash value of the subset of the software 
environment using the OSNK, the encrypted first hash value being retrieved from the 
storage (column 7 lines 44-50, column 13 lines 10-59); and 

comparing the decrypted first hash value to a second hash value to generate a 
compared result, the decrypted first hash value being retrieved from the storage, the 
compared result indicating whether the subset of the software environment has been 
modified (column 7 lines 44-50, column 13 lines 10-59). 
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Claim 18 is rejected as applied above in rejecting claim 13. Furthermore, England 
discloses: 

The method of claim 13 wherein protecting usage comprises: 

encrypting a first hash value of the subset of the software environment using the 

OSNK, the encrypted first hash value being stored in a storage (column 7 lines 44-50, 

column 13 lines 10-59); 

encrypting a second hash value using the OSNK (column 7 lines 44-50, column 

13 lines 10-59); and 

comparing the encrypted first hash value to the encrypted second hash value to 
generate a compared result, the encrypted first hash value being retrieved from the 
storage, the compared result indicating whether the subset of the software environment 
has been modified (column 7 lines 44-50, column 13 lines 10-59). 

Claim 21 is rejected as applied above in rejecting claim 13. Furthermore, England 
discloses: 

The method of claim 13 wherein the secure platform uses an isolated execution 
mode (column 2 lines 47-67). 

Claim 22 is rejected as applied above in rejecting claim 13. Furthermore, England 
discloses: 

The method of claim 13 wherein the software environment is one of a Windows 
operating system, a Windows 95 operating system, a Windows 98 operating system, a 
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Windows NT operating system, and a Windows 2000 operating system (column 21 lines 
25-29). 

Claim 23 is rejected as applied above in rejecting claim 13. Furthermore, England 
discloses: 

The method of claim 13 wherein the subset of the software environment is a 
registry of the operating system (column 13 lines 37 - 53). 

Claim 26 is rejected as applied above in rejecting claim 25. Furthermore, England 
discloses: 

the computer program of claim 25 wherein the computer readable program code 
for generating the OSNK comprises: 

computer readable program code for combining an identification of the OS nub 
and a master binding key (BK0) of the secure platform, the combined identification and 
the BK0 corresponding to the OSNK (column 12 line 53-65). 

Claim 28 is rejected as applied above in rejecting claim 25. Furthermore, England 
discloses: 

The computer program product of claim 25 wherein the computer readable 
program code for protecting usage comprises: 

computer readable program code for encrypting the subset of the software 
environment using the OSNK (column 7 lines 44- 50, column 13 lines 10-59); 
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computer readable program code for storing the encrypted subset (column 7 
lines 44- 50, column 13 lines 10-59); and 

computer readable program code for decrypting the encrypted subset from the 
storage using the OSNK (column 7 lines 44-50, column 13 lines 10-59). 

Claim 29 is rejected as applied above in rejecting claim 25. Furthermore, England 
discloses: 

The computer program product of claim 25 wherein the computer readable 
program code for protecting usage comprises: 

computer readable program code for encrypting a first hash value of the subset 
of the software environment using the OSNK, the encrypted first hash value being 
stored in storage (column 7 lines 44-50, column 13 lines 10-59); 

computer readable program code for decrypting the encrypted first hash value of 
the subset of the software environment using the OSNK, the encrypted first hash value 
being retrieved from the storage (column 7 lines 44-50, column 13 lines 10-59); and 

computer readable program code for comparing the decrypted first hash value to 
a second hash value to generate a compared result, the decrypted first hash value 
being retrieved from the storage, the compared result indicating whether the subset of 
the software environment has been modified (column 7 lines 44-50, column 13 lines 10- 



59). 
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Claim 30 is rejected as applied above in rejecting claim 25. Furthermore, England 
discloses: 

The computer program product of claim 25 wherein the computer readable 
program code for protecting usage comprises: 

computer readable program code for encrypting a first hash value of the subset 
of the software environment using the OSNK, the encrypted first hash value being 
stored in storage (column 7 lines 44-50, column 13 lines 10-59); 

computer readable program code for encrypting a second hash value using the 
OSNK (column 7 lines 44-50, column 13 lines 10-59); and 

computer readable program code for comparing the encrypted first hash value to 
the encrypted second hash value to generate a compared result, the encrypted first 
hash value being retrieved from the storage , the compared result indicating whether the 
subset of the software environment has been modified (column 7 lines 44-50, column 
13 lines 10-59). 

Claim 33 is rejected as applied above in rejecting claim 25. Furthermore, England 
discloses: 

The computer program product of claim 25 wherein the secure platform uses an 
isolated execution mode (column 2 lines 47-67). 

Claim 34 is rejected as applied above in rejecting claim 25. Furthermore, England 
discloses: 
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The computer program product of claim 25 wherein the software environment is 
one of a Windows operating system, a Windows 95 operating system, a Windows 98 
operating system, a Windows NT operating system, and a Windows 2000 operating 
system (column 21 lines 25-29). 

Claim 35 is rejected as applied above in rejecting claim 25. Furthermore England 
discloses: 

The computer program product of claim 25 wherein the subset of the software 
environment is a registry of an operating system (column 13 lines 37 - 53). 

Claim 38 is rejected as applied above in rejecting claim 37. Furthermore, England 
discloses: 

The system of claim 37 wherein the key generator comprises: 

a combiner to combine an identification of the operating system nub and a 

master binding key (BKO) of the secure platform, the combined identification and BKO 

corresponding to the OSNK (column 12 line 53-65). 

Claim 40 is rejected as applied above in rejecting claim 37. Furthermore, England 
discloses: 

The system of claim 37 wherein the usage protector comprises: 
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an encryptor to encrypt the subset of the software environment using the OSNK, 
the encrypted subset being stored in a storage (column 7 lines 44- 50, column 13 lines 
10-59); and 

a decryptor to decrypt the encrypted subset using the OSNK, the encrypted 
subset being retrieved from the storage (column 7 lines 44-50, column 13 lines 10-59). 

Claim 41 is rejected as applied above in rejecting claim 37. Furthermore, England 
discloses: 

The system of claim 37 wherein the usage protector comprises: 

an encryptor to encrypt a first hash value of the subset of the software 
environment using the OSNK, the encrypted first hash value being stored in a storage 
(column 7 lines 44-50, column 13 lines 10-59); 

a decryptor to decrypt the encrypted first hash value using the OSNK, the 
encrypted first hash value being retrieved from the storage (column 7 lines 44-50, 
column 13 lines 10-59); and 

a comparator to compare the decrypted first hash value to a second hash value 
to generate a compared result, the compared result indicating whether the subset of the 
software environment has been modified (column 7 lines 44-50, column 13 lines 10-59). 



Claim 42 is rejected as applied above in rejecting claim 37. Furthermore, England 
discloses: 

The system of claim 37 wherein the usage protector comprises: 
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a first encryptor to encrypt a first hash value of the subset of the software 
environment using the OSNK, the encrypted first hash value being stored in a storage 
(column 7 lines 44-50, column 13 lines 10-59); 

a second encryptor to encrypt a second hash value using the OSNK (column 7 
lines 44-50, column 13 lines 10-59); and 

a comparator to compare the encrypted second hash value to the encrypted first 
hash value to generate a compared result, the encrypted first hash value being retrieved 
from the storage, the compared result indicating whether the subset of the software 
environment has been modified (column 7 lines 44-50, column 13 lines 10-59). 

Claim 45 is rejected as applied above in rejecting claim 37. Furthermore, England 
discloses: 

The system of claim 37 wherein the secure platform uses an isolated execution 
mode (column 2 lines 47-67). 

Claim 46 is rejected as applied above in rejecting claim 37. Furthermore, England 
discloses: 

The system of claim 37 wherein the software environment is one of a Windows 
operating system, a Windows 95 operating system, a Windows 98 operating system, a 
Windows NT operating system, and a Windows 2000 operating system (column 21 lines 
25-29). 
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Claim 47 is rejected as applied above in rejecting claim 37. Furthermore, England 
discloses: 

The system of claim 37 wherein the subset of the software environment is a 
registry of an operating system (column 13 lines 37 - 53). 

Claim 3 is rejected as applied above in rejecting claim 2. Furthermore, England 
discloses: 

The apparatus of claim 2 wherein the identification is a hash value of one of the 
OS nub and a certificate representing the OS nub (column 12 line 53-65). 

Claim 12 is rejected as applied above in rejecting claim 2. Furthermore, England 
discloses: 

The apparatus of claim 2 wherein the BKO is generated at random on a first 
invocation of a processor nub (column 17 lines 1-15). 

Claim 15 is rejected as applied above in rejecting claim 14. Furthermore, England 
discloses: 

The method of claim 14 wherein the identification is a hash value of one of the 
OS nub and a certificate representing the OS nub (column 12 line 53-65). 

Claim 24 is rejected as applied above in rejecting claim 14. Furthermore, England 
discloses: 



Application/Control Number: 09/668,610 Page 19 

Art Unit: 2131 

The method of claim 14, wherein the BKO is generated at random on a first 
invocation of a processor nub (column 17 lines 1-15). 

Claim 27 is rejected as applied above in rejecting claim 26. Furthermore, England 
discloses: 

The computer program product of claim 26 wherein the identification is a hash 
value of one of the OS nub and a certificate representing the OS nub (column 12 line 
53-65). 

Claim 36 is rejected as applied above in rejecting claim 26. Furthermore, England 
discloses: 

The computer program product of claim 26 wherein the BKO is generated at 
random on a first invocation of a processor nub (column 17 lines 1-15). 

Claim 39 is rejected as applied above in rejecting claim 38. Furthermore, England 
discloses: 

The system of claim 38 wherein the identification is a hash value of one of the 
OS nub and a certificate representing the OS nub (column 12 line 53-65). 

Claim 48 is rejected as applied above in rejecting claim 38. Furthermore, England 
discloses: 
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The system of claim 38, wherein the BKO is generated at random on a first 
invocation of a processor nub (column 17 lines 1-15). 



Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 1 02 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 7-8, 19-20, 31-32, and 43-44 are rejected under 35 U.S.C. 103(a) as 

being unpatentable over England et al. (U.S. Patent 6,327,652). 



Claim 7 is rejected as applied above in rejecting claim 1 . Furthermore, England 
discloses: 

The apparatus of claim 1 wherein the usage protector comprises: 

a decryptor to decrypt a protected private key to generate a private key using the 
OSNK (column 7 lines 44-50, column 13 lines 10-59); 

a signature generator coupled to the decryptor to generate a signature of the 
subset of the software environment using the private key, the signature being stored in 
a storage (column 7 lines 44-50, column 13 lines 10-59); and 

a signature verifier to verify the signature to generate a modified/not modified flag 
using a public key, the signature being retrieved from the storage, the modified/not 
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modified flag indicating whether the subset has been modified (column 7 lines 44-50, 
column 13 lines 10-59). 

England discloses that a "CPU 140 is capable of performing cryptographic functions, 
such as signing, encrypting, decrypting, and authenticating." It is obvious that the 
capability exists in the apparatus of England to decrypt a protected private key. Also, it 
is described that the processor has the capability to generate signatures, and the 
verification procedure for a signature is analogous to the comparator of the one-way 
hash functions. 

Claim 8 is rejected as applied above in rejecting claim 1 . Furthermore, England 
discloses: 

The apparatus of claim 1 wherein the usage protector comprises: 
a manifest generator to generate a manifest of the subset of the software 
environment, the manifest describing the subset of the software environment, the 
manifest being stored in storage (column 7 lines 44-50, column 13 lines 10-59); 

a signature generator coupled to the manifest generator coupled to the manifest 
generator to generate a manifest signature using a private key, the private key being 
decrypted by a decryptor using the OSNK, the manifest signature being stored in the 
storage (column 7 lines 44-50, column 13 lines 10-59); 
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a signature verifier to verify the manifest signature to generate a signature 
verified flag using a public key, the manifest signature being retrieved from the storage 
(column 7 lines 44-50, column 13 lines 10-59); and 

a manifest verifier to verify the manifest to generate a manifest verified flag, the 
manifest being retrieved from the storage, the manifest verified flag and the signature 
verified flag being tested at a test center, the test center generating a pass/fail signal to 
indicate whether the subset has been modified (column 7 lines 44-50, column 13 lines 
10-59). 

A manifest is described as a "descriptor" or as "representing the subset in a concise 
manner." England discloses a representation of a component of code in an OS, "the 
identity is a cryptographic digest of the code for the component, or a well-known name, 
or any other sting that is uniquely associated with the component." This can be 
interpreted as a "manifest" and the system of producing it as a "manifest generator." 
England discloses that a "CPU 140 is capable of performing cryptographic functions, 
such as signing, encrypting, decrypting, and authenticating." Also, England discloses 
"appending the identity of each loaded component" and "signing the boot log to attest to 
its validity." The signing of the boot log represents a signature generator that is present, 
and a verifier to verify the validity of the signed component. Also, the manifest verifier is 
encompassed in the verification that the "boot log has not been tampered with" by 
comparing the cryptographic digests of the manifest created for each of the 
components. 
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Claim 19 is rejected as applied above in rejecting claim 13. Furthermore, England 
discloses: 

The method of claim 13 wherein protecting usage comprises: 

decrypting a protected private key to generate a private key using the OSNK 

(column 7 lines 44-50, column 13 lines 10-59); 

generating a signature of the subset of the software environment using the 

private key, the signature being stored in a storage (column 7 lines 44-50, column 13 

lines 10-59); and 

verifying the signature to generate a modified/not modified flag using a public 
key, the signature being retrieved from the storage, the modified/ not modified flag 
indicating whether the subset of the software environment has been modified (column 7 
lines 44-50, column 13 lines 10-59). 

England discloses that a "CPU 140 is capable of performing cryptographic functions, 
such as signing, encrypting, decrypting, and authenticating." It is obvious that the 
capability exists in the apparatus of England to decrypt a protected private key. Also, it 
is described that the processor has the capability to generate signatures, and the 
verification procedure for a signature is analogous to the comparator of the one-way 
hash functions. 
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Claim 20 is rejected as applied above in rejecting claim 13. Furthermore, England 
discloses: 

The method of claim 13 wherein detecting comprises: 

generating a manifest of the subset of the software environment, the manifest 
describing the subset of the software environment, the manifest being stored in a 
storage (column 7 lines 44-50, column 13 lines 10-59); 

generating a manifest signature of the manifest using a private key, the private 
key being decrypted using the OSNK, the manifest signature being stored in the storage 
(column 7 lines 44-50, column 13 lines 10-59); 

verifying the manifest signature to generate a signature verified flag using a 
public key, the manifest signature being retrieved from the storage (column 7 lines 44- 
50, column 13 lines 10-59); and 

verifying the manifest to generate a manifest verified flag, the manifest being 
retrieved from the storage, the manifest verified flag and the signature verified flag being 
tested at a test center, the test center generating a pass/fail signal, the pass/fail signal 
indicating whether the subset of the software environment has been modified (column 7 
lines 44-50, column 13 lines 10-59). 

A manifest is described as a "descriptor" or as "representing the subset in a concise 
manner." England discloses a representation of a component of code in an OS, "the 
identity is a cryptographic digest of the code for the component, or a well-known name, 
or any other sting that is uniquely associated with the component." This can be 
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interpreted as a "manifest" and the system of producing it as a "manifest generator." 
England discloses that a "CPU 140 is capable of performing cryptographic functions, 
such as signing, encrypting, decrypting, and authenticating." Also, England discloses 
"appending the identity of each loaded component" and "signing the boot log to attest to 
its validity." The signing of the boot log represents a signature generator that is present, 
and a verifier to verify the validity of the signed component. Also, the manifest verifier is 
encompassed in the verification that the "boot log has not been tampered with" by 
comparing the cryptographic digests of the manifest created for each of the 
components. 



Claim 31 is rejected as applied above in rejecting claim 25. Furthermore, England 
discloses: 

The computer program product of claim 25 wherein the computer readable 
program code for protecting usage comprises: 

computer readable program code for decrypting a protected private key to 
generate a private key using the OSNK (column 7 lines 44-50, column 13 lines 10-59); 

computer readable program code for generating a signature of the subset of the 
software environment using the private key, the signature being stored in a storage 
(column 7 lines 44-50, column 13 lines 10-59); and 

computer readable program code for verifying the signature to generate a 
modified/not modified flag using a public key, the signature being retrieved from the 
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storage, the modified/not modified flag indicating whether the software environment has 
been modified (column 7 lines 44-50, column 13 lines 10-59). 



England discloses that a "CPU 140 is capable of performing cryptographic functions, 
such as signing, encrypting, decrypting, and authenticating." It is obvious that the 
capability exists in the apparatus of England to decrypt a protected private key. Also, it 
is described that the processor has the capability to generate signatures, and the 
verification procedure for a signature is analogous to the comparator of the one-way 
hash functions. 



Claim 32 is rejected as applied above in rejecting claim 25. Furthermore, England 
discloses: 

The computer program product of claim 25 wherein the computer readable 
program code for protecting usage comprises: 

computer readable program code for generating a manifest of the subset of the 
software environment, the manifest being stored in a storage (column 7 lines 44-50, 
column 13 lines 10-59); 

computer readable program code for generating a manifest signature of the 
manifest using a private key, the private key being decrypted using the OSNK, the 
manifest signature being stored in the storage (column 7 lines 44-50, column 13 lines 
10-59); 
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computer readable program code for verifying the manifest signature to generate 
a signature verified flag using a public key, the manifest signature being retrieved from 
the storage (column 7 lines 44-50, column 13 lines 10-59); and 

computer readable program code for verifying the manifest to generate a 
manifest verified flag, the manifest being retrieved from the storage, the manifest 
verified flag and the signature verified flag being tested at a test center, the test center 
generating a pass/fail signal, the pass/fail signal indicating whether the subset of the 
software environment has been modified (column 7 lines 44-50, column 13 lines 10-59). 

A manifest is described as a "descriptor" or as "representing the subset in a concise 
manner." England discloses a representation of a component of code in an OS, "the 
identity is a cryptographic digest of the code for the component, or a well-known name, 
or any other sting that is uniquely associated with the component." This can be 
interpreted as a "manifest" and the system of producing it as a "manifest generator." 
England discloses that a "CPU 140 is capable of performing cryptographic functions, 
such as signing, encrypting, decrypting, and authenticating." Also, England discloses 
"appending the identity of each loaded component" and "signing the boot log to attest to 
its validity." The signing of the boot log represents a signature generator that is present, 
and a verifier to verify the validity of the signed component. Also, the manifest verifier is 
encompassed in the verification that the "boot log has not been tampered with" by 
comparing the cryptographic digests of the manifest created for each of the 
components. 
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Claim 43 is rejected as applied above in rejecting claim 37. Furthermore, England 
discloses: 

The system of claim 37 wherein the usage protector comprises: 

a decryptor to decrypt a protected private key to generate a private key using the 
OSNK (column 7 lines 44-50, column 13 lines 10-59); 

a signature generator coupled to the decryptor to generate a signature of the 
subset of the software environment using the private key, the signature being stored in 
a storage (column 7 lines 44-50, column 13 lines 10-59); and 

a signature verifier to verify the signature to generate a modified/not modified flag 
using a public key, the signature being retrieved from the storage, the modified/not 
modified flag indicating whether the subset has been modified (column 7 lines 44-50, 
column 13 lines 10-59). 

England discloses that a "CPU 140 is capable of performing cryptographic functions, 
such as signing, encrypting, decrypting, and authenticating." It is obvious that the 
capability exists in the apparatus of England to decrypt a protected private key. Also, it 
is described that the processor has the capability to generate signatures, and the 
verification procedure for a signature is analogous to the comparator of the one-way 
hash functions. 
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Claim 44 is rejected as applied above in rejecting claim 37. Furthermore England 
discloses: 

The system of claim 37 wherein the usage protector comprises: 

a manifest generator to generate a manifest of the subset of the software 
environment, the manifest describing the subset of the software environment, the 
manifest being stored in storage (column 7 lines 44-50, column 13 lines 10-59); 

a signature generator coupled to the manifest generator coupled to the manifest 
generator to generate a manifest signature using a private key, the private key being 
decrypted by a decryptor using the OSNK, the manifest signature being stored in the 
storage (column 7 lines 44-50, column 13 lines 10-59); 

a signature verifier to verify the manifest signature to generate a signature 
verified flag using a public key, the manifest signature being retrieved from the storage 
(column 7 lines 44-50, column 13 lines 10-59); and 

a manifest verifier to verify the manifest to generate a manifest verified flag, the 
manifest being retrieved from the storage, the manifest verified flag and the signature 
verified flag being tested at a test center, the test center generating a pass/fail signal to 
indicate whether the subset has been modified (column 7 lines 44-50, column 13 lines 
10-59). 

A manifest is described as a "descriptor" or as "representing the subset in a concise 
manner." England discloses a representation of a component of code in an OS, "the 
identity is a cryptographic digest of the code for the component, or a well-known name, 
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or any other sting that is uniquely associated with the component." This can be 
interpreted as a "manifest" and the system of producing it as a "manifest generator." 
England discloses that a "CPU 140 is capable of performing cryptographic functions, 
such as signing, encrypting, decrypting, and authenticating." Also, England discloses 
"appending the identity of each loaded component" and "signing the boot log to attest to 
its validity." The signing of the boot log represents a signature generator that is present, 
and a verifier to verify the validity of the signed component. Also, the manifest verifier is 
encompassed in the verification that the "boot log has not been tampered with" by 
comparing the cryptographic digests of the manifest created for each of the 
components. 
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Conclusion 



Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Kaveh Abrishamkar whose telephone number is 703- 
305-8892. The examiner can normally be reached on Monday thru Friday 8-5. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on 703-305-9648. The fax phone number for 
the organization where this application or proceeding is assigned is 703-872-9306. 

Any inquiry of a general nature or relating to the status of this application or 
proceeding should be directed to the receptionist whose telephone number is 703-305- 
3900. 
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SUPERVISORY PATENT EXAMINER 
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